ISPs Inserting Ads Into Your Pages 434
TheWoozle writes "Some ISPs are resorting to a new tactic to increase revenue: inserting advertisements into web pages requested by their end users. They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users. Neither the content providers nor the end-users have been notified that this is taking place, and I'm sure that they weren't asked for permission either."
Suprise! (Score:5, Funny)
Oh wait, we do... crap.
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:2)
And hey greg, long time!
Re:Suprise! (Score:5, Insightful)
Things used to be much worse. Advertisers would have their logos splashed all over TV shows and movies. On TV news they would be on the anchor desks, in the backgrounds, even on the clothes the anchors would wear.
There's a great exhibit in the Old Louisiana State Capitol [glasssteelandstone.com] that is an old TV news set from the 50's. The news was called something like "The Esso Seven O'Clock News" and there's a big Esso logo on the front of the desk, and I think one on the microphone as well as other places.
Quite an eye-opener. At least modern product placement is subtle. I think we're just getting more sensitive to it.
Re:Suprise! (Score:5, Funny)
So, slashdot, why are you running 50 ads at the top of every page? I thought when I subscribed I wouldn't have to see these anymore, but since you don't have a friendly guy I can call to talk to about it, I'll have to assume you're trying to screw me over here.
Re: (Score:2)
Or maybe, as shown by the lack of "*" or whatever by your user name, maybe your subscription expired?
Re: (Score:2)
What ads? I don't see any. That's what Adblock is for.
Re:Suprise! (Score:5, Funny)
Absolutely insightfull.. (Score:2, Insightful)
Re: (Score:3, Interesting)
Internet service and network service providers for the Internet have for the long time been a protected monopoly. Sure there was dial up service that anyone could start, but that was the only last mile option they had for the longest of time.
Now, to understand the net neutrality correctly, what the service provide
Re: (Score:3, Insightful)
Too bad that is mostly a myth in the US. Our rich don't tend to be inherited wealth, somebody earns it (usually by merit) and their desendents piss it away in a generation or two. And the poor don't get poorer, our standard of living is increasing in all social classes. Is it even fair to use the word 'poor' to describe teh less well off in the US when the #1 health problem for the 'poor'
Actually, It Will (Score:2)
Re: (Score:3, Insightful)
Re:Suprise! (Score:5, Insightful)
Actually, I'm more pissed as a content provider then I am as a consumer. How dare they! If I wanted advertising on my content, I'd put it there, and get paid for it. For me, this is totally stealing from content providers and not just annoying to consumers. I mean, isn't that like making money off of other peoples content? Wouldn't that be more like a telephone company forcing you to listen to an add before you place or receive a call? Imagine....
Phone rings and you pick up....
(You) - Hello? (Automated Hell) - Hello, this is A-T-And T, we have a call for you, but first, we'd like you to enjoy a message from our sponsors...
(You) - Click!
Fuck that! Stealing content...bullshit.
Re:Suprise! (Score:5, Interesting)
Everyone, immediately call a lawyer and run away from any ISP that does this. You have been warned.
Re: (Score:2, Informative)
The ISP even having this information in their logs starts a huge slippery slope.
Clearly you're not familiar with CALEA. They not only log your traffic, they store all the packets so the courts can request them later.
Re:Suprise! (Score:5, Insightful)
Clearly you're not familiar with CALEA. They not only log your traffic, they store all the packets so the courts can request them later.
Um, how? Even a 10Mbit pipe is 108GB / day. So how much bandwidth does a typical ISP use, and where do they get enough storage to remember it all?
Re:Suprise! (Score:4, Funny)
Re: (Score:2)
Fortunately they can't do that without your browser screaming the name on the cert doesn't match the hostname.
Of course, a large % of clueless users will ignore the strongly worded warning and click ok.
Only way they could do that is if they had their own trusted root certification authority - then they could make up a new cert for the website you asked for on the fly, and your browser would trust it
Re: (Score:2)
Re: (Score:3, Interesting)
I don't think you can use bogus SSL certs, IF you already use your own.
So my first and only advice to this "crisis" is
--> Use SSL-only web hosting for even the most basic set of pages. ---
With SSL-encrypted traffic no other node or ISP can ever know what's inside your packets and can therefor
Re: (Score:3, Insightful)
To have a man-in-the-middle, all you need is a certificate signed by an authority that your computer trusts. The ISP can surely get that.
Not quite. The cert also needs to contain the name of the host that you're connected to, otherwise your browser is going to complain. Is your ISP going to be able to get a cert issued to them with the hostname "www.bankofamerica.com"? Unlikely.
However, what the ISP could do is just strip the SSL protection. The SSL channel would be in effect between the remote server and the ISP's proxy server, but the data would be unencrypted between the proxy server and your computer.
I can't see anyone actually
DNS hijacking does allow defeat of SSL (Score:4, Insightful)
Give this man a cookie, or at least a mod point.
Once they manage to get your browser loaded up with a CA they control it is game over. Imagine, you type www.chase.com into your browser. Remember, THEY also operate your DNS. They resolve www.chase.com to an address they control and generate a certificate linking www.chase.com to that IP. Meanwhile their proxy server connects to the real https://www.chase.com/ [chase.com] and retrieves the homepage. Then their faked out server reencrypts the content and their inserted ad and sends it on to your browser which displays it with the lock intact.
This is what the various secure DNS proposals are intended to address. DNS hijacking allows almost any abuse in the higher layers.
Re:Suprise! (Score:5, Interesting)
I am almost always against laws (which are often worse than the ill they are trying to right), but it seems to me that there ought to be some sort of regulation that requires ISPs (since they are mostly effectively monopolies) to offer a transparent pipe for those who want to avoid all their obnoxious practices.
Re: (Score:3, Informative)
Additional cost, additional latency... but at least you'll have a real internet connection again.
Re: (Score:2)
Re:Suprise! (Score:4, Interesting)
Re:Suprise! (Score:5, Insightful)
What GeoCities does is OK. The content provider has to agree.
What some ISPs do in return for free internet is OK too (add popups or whatever) - at least that what used to happen. In this case customers KNOW that the popups are from the ISP. But popups *must* be separate from the webpage, not in it.
But if you come along and *insert* ads on my pages and thus benefit from my work, I have no choice but to sue. That is copyright violation. Period. They are costing the content provider money.
Re: (Score:3, Interesting)
There was actually a case in Sweden last year where the directors Claes Eirksson [imdb.com] and Vilgot Sjöman [imdb.com] successfully sued Sweden's largest commercial TV station TV4 [wikipedia.org] after it had shown two of their films with interruptions for commercials. In the ruling [www.klys.se] the court concluded that the interruptions were an infringemen
Like CleanFlicks (Score:3, Interesting)
Re:Suprise! (Score:5, Informative)
This isn't like creating a derivative work, it is creating a derivative work. They're even profiting from it, as they're selling the ad space thus created.
Re:Suprise! (Score:5, Funny)
What about code validation? (Score:5, Interesting)
Re: (Score:3, Interesting)
Re:What about code validation? (Score:5, Interesting)
Re: (Score:3, Informative)
The problem was not the placement of the <script> element. While the <head> element is mandatory in HTML 4.01, its opening and closing tags are optional. All you had to do was delete your opening <head> tag. Everything after the opening <html> tag but before your closing </head> tag would be assumed to be in the <head> element.
The real problem was that they didn't specify
Re:What about code validation? (Score:4, Informative)
Re:What about code validation? (Score:5, Insightful)
Unfortunately, Internet Explorer is also oblivious to XHTML 1.1's existence, which means you'll be turning away the majority of your visitors (assuming typical demographics).
Don't Worry... (Score:2)
Don't worry about it. I'm sure that the pages will render perfectly in Internet Explorer.
Re: (Score:3, Funny)
If I pour a lethal dose of highly radioactive material over you, you'll sue me since the green skin glow doesn't match your clothes, wouldn't you.
On the one hand... (Score:4, Insightful)
And on the third hand... isn't this going to break a whole bunch of websites? I'm having a hard time imagining how they could do it without major side effects.
(* I'd be wanting to stuff a few ads up their HTTP stream, I can tell you)
Re:On the one hand... (Score:5, Funny)
And on the third hand... isn't this going to break a whole bunch of websites? I'm having a hard time imagining how they could do it without major side effects.
Don't worry, I'm sure it's been thoroughly tested with Internet Explorer.
Re: (Score:2)
Re:On the one hand... (Score:5, Insightful)
Why? Profit. It's a great motive.
Re: (Score:2)
Back in days of yore when I was with Rogers, they did exactly that. You would get a certain amount of webspace, and they would stick banner ads on your site. If you wanted no ads, you paid extra. Of course, when I originally started with them (due to them annexing my previous cable provider) there were no banner ads, bandwidth was cheaper, and I could run my own servers. I'm not with Rogers anymore.
I've seen this at least a year ago (Score:3, Interesting)
It was especially annoying when the ad insertion code didn't quite work right and caused web pages to break.
I've known about this for a while... (Score:5, Informative)
When I worked at the helpdesk of a small ISP [dowco.com], we were approached by this company [adzilla.com] to see if we were interested in letting them test their ad-inserting proxy server on our customers. I protested that it was scummy and might lead to legal trouble (I was guessing) over changing pages in-flight, but my bosses didn't listen. That was back in 2002 or 2003, and I left shortly after to take another job. No idea what's going on there now.
I'm moving to a new ISP [uniserve.com] since my current one [www.shaw.ca] has started blocking port 25 in and out. I run my own mail server, so I appreciate that Uniserve's TOS [uniserve.com] explicitly allow servers (clause #19). However, they also explicitly say that they insert ads:
Needless to say I'm not happy about that, but in Vancouver my choices are limited: Telus (who'll censor web pages [thetyee.ca] if they belong to a union striking against them), Shaw, or a handful of small ADSL ISPs that all seem to be much the same. Uniserve seems the best of a bad bunch.
Re: (Score:2)
Privoxy for one. It eliminate all Ad's that you do not like. I filter everything from doubleclick and it speed up webpage loads by 60%.
IF they want to start playing nasty, it's time to claim back your internet. Strip all the advertising you do not agree with. I get the think geek and other ad's here on slashdot, I dont get the Microsoft FUD campaign Ad's or any of the flash ad's as well.
Get and install PRivoxy, it works great.
Re:I've known about this for a while... (Score:5, Insightful)
As a content provider, I didn't give them any licence to create derivative works. Creating versions of my pages with ads, is clearly creation of a derivative work.
But of course, it's much more important for copyright law to prevent me from copying a CD for a friend, then to prevent some large ISP from violating my moral rights [wikipedia.org] by whoring out my content.
Re:I've known about this for a while... (Score:4, Informative)
Re: (Score:3, Insightful)
Belkin sucks! (Score:5, Interesting)
They later issued a new firmware that disabled this. But not before I had issued them a "fuck off" feedback. I have never bought another belkin product since and I strongly urge no-one else to do so either. Fuck them.
Links to Belkins suckiness (Re:Belkin sucks! ) (Score:5, Informative)
Yes I know their hardware sucks for other reasons also.
Re: (Score:3, Interesting)
I second that. We had a KVM of Belkin in the office ... it acheaved a level of suckiness I've rarly seen in the computer world. Most days it would just stop working, or the keyboard would stop working and a few times got into an endless loop switching between computers. How hard can it be to make a KVM? In the end it was easier setting up two keyboards, mice and screens :-/
When I bought one for home I went out of my way to get a non-Belkin model, ended up with some no-name brand and it works flawlessly. C
Opt Out Link (Score:5, Informative)
I think their behavior with this product is reprehensible. Pass the link on to anyone you know who is affected and encourage them to call their ISP and complain every day until it's removed. If all their call center does is get complaints, they'll reconsider whether it's making them any money.
ISP comparisons need to note this (Score:2)
Hit them where it hurts: right where people are deciding which ISP to go with.
Re:ISP comparisons need to note this (Score:4, Informative)
Hit them where it hurts: right where people are deciding which ISP to go with.
That only works if there is actual competition. In most large cities, customers have only two choices. They can go with cable modem service from Some Big Cable Company or DSL service from Some Big Telecom Company. Both usually suck. People living in smaller communities often have no choice at all.
Re:ISP comparisons need to note this (Score:4, Insightful)
I may not often agree with Gordon Brown: but him objecting to Sarkozy's attempt to remove 'competition' as a basic tenet of the EU was 100% correct. Protectionism, in the long term, hurts all consumers.
Re: (Score:2)
"In most large cities, customers have only two choices. They can go with cable modem service from Some Big Cable Company or DSL service from Some Big Telecom Company."
Those are the two providers of physical access to your premis. Smaller ISPs have worked over that moat for years. Portland, Ore. is not that large a city. We have a dozen ISPs I can name off the top of my head. All provide service over DSL lines that go through Qwest or Verizon (depending on your location) physical infrastructure.
Ch
Re: (Score:2)
Support Costs (Score:2)
Data corruption (Score:4, Interesting)
If this continues then someone can write a plugin for Firefox to stop the adverts.
Time to rebuild the freenets. (Score:3, Interesting)
What about freenetworks.org [freenetworks.org]? Are Wifi Coops [wificoop.org] any good? Any others?
Re: (Score:2)
Cory Doctorow [wikipedia.org] wrote an okay book (most of his writing is great; this one seemed to drag, although has some neat devices, like the use of any arbitrary name as long as it started with the same letter to describe each character), Someone Comes to Town, Someone Leaves Town [wikipedia.org].
In fact, wikipedia summarizes it quite nicely, so here's the relevant part:
There's Always Fido Net (Score:2)
But no matter how you slice it, "browsing" at 300 baud really sucks. Gives new meaning to "
Copyright Bonanza (Score:5, Insightful)
If my ISP copies it for any other purpose, like inserting ads, or copies it into (or as) some other context, like an ad page, it's violating my copyright.
Every copyright violation - every page - makes them liable for a fine. That can really stack up, and costs a lot more than each page view generates in ad revenue.
Unless I've signed away my copyright in some contract with the ISP. Which I personally haven't. Nor should you.
If you have retained your copyright, and your ISP violates it, you should look forward to them handing over their business ownership to pay the damages. Email your lawyer from your other account and get the ball rolling. Why should corporate copyright holders have all the fun?
Re: (Score:2)
Re: (Score:2)
Presumably the ISPs involved have lawyers too, and would have researched this question. Still, U.S. copyright law has been used to beat up the consumer lately, so it would be nice to see it work in the consumer's favor.
Re: (Score:3, Interesting)
A proxy makes a copy for reasons other than publishing the content in the current transaction, so (nitpicking) it would mean it is ilegall.
Anyway. I'm not sure if copyright should be the law preventing this, I'd much rather have it illegal under some sort of privacy or wiretapping law. I mean, UPS doesn't stick adverts inside mail, and what the ISP is do
Re: (Score:2)
But copyright law does prohibit this abuse. It's up to you whether you take action under that law or not. You might take action under some other law prohibiting it. Or all the laws that do prohibit it.
Re: (Score:2)
But obviously, if copyright law can hurt companis doing it, fire away. [I hope] They'll most likely sht it down entirely when/if the other option is paying damages or a lengthy court battle.
Re: (Score:2)
If all you're doing is passing through one public domain content set, then you don't control the copyright on it, so you can't control your ISP's copying. The only right you have might be to the URL requests, which isn't copyright at all. Only if your contract with your ISP specifies "noncircumvention" do you have th
Re: (Score:2)
Re: (Score:2)
It doesn't matter whether or not you give a damn about a copyright you do not control. Only whether you have it and use it, or don't and can use something else. Which I also explained in my OP.
Re: (Score:2)
You know you're probably right about that. Any way you slice it, this practice is abominable. I hate to quote him (I couldn't stand the man) but Jack Valenti once said something that was actually tru
Re: (Score:3, Insightful)
Nitpicking, anything between the end user and you is a system of relays. The law already has provisions for this, going back things like radio, where the transmissions have to be rebroadcast over many hops.
The "unlicensed derivative work" angle is interesting; I could see how that argument, if made, could get traction in a court.
C//
Re: (Score:2)
I ran an ISP for several years, and still deal with the CEOs and admins of several. They're not inclined to let lawyers constrain their bizmodel, and courts have not changed their minds much.
Re: (Score:2)
I suppos
Re: (Score:2)
This is not an atomic database transaction that happens immediately. It's a real world transaction, that can be ongoing and open-ended in time, like, say, an autorenwed newspaper delivery subscription. You agree to let the ISP copy your content to publish it. That includes proxies caching it for more efficient distribution after the initial request. The HTTP protocol includes "opt-out", in "NOPROXY" headers, so pages without them are implicitly
How to take advantage of this (Score:5, Interesting)
1) Generate a unique id for every webpage transmitted. php's uniq() function would be fine. Embed it in the page.
2) Generate a checksum before transmitting the page. Save the id and the checksum, perhaps in a mysql database, when transmitting the page.
3) Embed a javascript that can compute the checksum of the document at the user's end. Have it transmit the checksum back to the server.
4) If the checksum doesn't match, have the javascript transmit the content of the page and it's headers, and perhaps even a traceroute, back to the server.
5) Server stores all of the above in a "pages corrupted in transmission" log.
Log analysis should then give you a list of ISPs who have consistently corrupted your pages, details on what they inserted, and documented # of violations with date and time. You can take this documentation to the court and say "Look! Earthlink/Megapath/AT&T/Whoever has illegally copied my website to market their own advertisements 12,432 times in the last year!". Demand remuneration.
6) Profit!
7) Reduce ISP's willingness to fsck with other people's content and thereby make the world a better place.
8) (Optionally) Have your own javascript strip their ad and/or put a banner at the top that notes "Your ISP has attempted to illegally insert their own advertising into our website, thereby making money off you and me without either of our permission. We strongly suggest you switch internet service providers." -- try to get user pressure on the ISP.
I'm about to head out on a 10-day vacation. When I get back, if one of y'all hasn't written this yet I'll start on it myself.
Re:How to take advantage of this (Score:4, Informative)
Of course, I also have Noscript, so I'd not even register in your scheme.
Copyright infringement (Score:4, Interesting)
Re: (Score:2)
So does injecting HTML. Fair use allows some exceptions. For example, if the ISP needed to tinker with your headers or page to get around problems with upstream routers, that might be OK.
I'm not (thank God) an IP lawyer but intuitively, it doesn't seem that pasting advertising into someone else's creative work without permission would be fair use.
Re: (Score:2)
The bad news is they have to use the DMCA.
I disagree -- this is great news! Stick it to The Man by using his own laws against him.
Phone service providers are doing this too (Score:5, Funny)
There should be legal questions (Score:4, Insightful)
Content providers who earn income from their own web activity should be among the first to file suit against these ISPs. I imagine network TV companies would be VERY offended if advertisments were inserted over, in or around their own presented material and web based business should be expected to have the same offense taken.
Smells to me... (Score:4, Interesting)
Distribution is an exclusive right of the copyright holder.
That they change the content means all paragraph 512 limitations are out the window.
The fair use test (commercial, creative work, almost whole work (all the non-ad content), kills ad revenue) is a 0-4 slam dunk against.
So tell me exactly, what's protecting the ISP from an "allofmp3" style lawsuit for a few trillion, since every web page is a $150,000 lawsuit in itself? Whoever in the legal department who approved this should be terrified.
Go Somewhere Else? (Score:3, Interesting)
In these days of webmail and portable email addresses/domain names, why don't more people do this? It's still a buyer's market, and there's still lots of mom-and-pop ISPs who'll be glad of your business.
All the talk of 'taking legal action' smacks to me as being what's typically wrong with the entire attitude of everyone today. Compensation culture and all that - where there's blame there's a claim.
Re: (Score:2)
The FCC is a big part of this: they need to stop trying to "manage competition". They aren't very good at it. I'm fortunate that I live (for now) in a area with multiple providers (for now.) I currently have th
Re: (Score:3, Interesting)
Re: (Score:2)
You are well and truly fucked.
Don't just stand for it! (Score:3, Funny)
Failing that, exercise your GOD-GIVEN RIGHT to walk into the ISP's main offices with an automatic shotgun.
I figure that either way, you're not gonna be using that ISP any longer.
Fair play. (Score:3, Funny)
Ah, but there is a weakness (Score:2)
The assumption of the ISP is that the ads are rated "G".
Simply buy ads from their service that will offend all their
users.
The amazing health and psychological benefits of abortion
ought to do it. And at the bottom: This ad brought to you
by your friendly neighborhood ISP.
Ads == harassment (Score:3, Interesting)
Alternatively, lift all restrictions on advertisement. Then we'd at least have nude girls and hardcore porn on every wall and window, instead of beer and washing powder.
Use a proxy... (Score:2, Informative)
Re: (Score:2, Offtopic)
How did a crap story like this get onto the front page of slashdot?
Re: (Score:2)
Are you an idiot or did you just fall off the turnip truck? You don't see MAC addresses unless you're on the same LAN.
That being said, is there any sort of signature by which content providers could identify requests from one of these poxy boxes and block or otherwise sabotage the unauthorized insertions?
Re: (Score:2)